AI meeting summaries in law, protecting privilege while saving time
How legal teams can use AI summarization without compromising attorney-client privilege, work product doctrine, or discovery posture.
The legal team's question about AI meeting summarization is not "does it work". The question is "what does it create that is discoverable, who has access to it, and how does it interact with privilege". Those questions have answers, but the answers depend on choices about which meetings are summarized, which vendor is used, what is in the summary, and how the artifact is stored after generation.
This article is a practical framework for in-house counsel, law firm partners, and legal department managers thinking about deploying AI summarization without creating new exposure. It is not legal advice; consult your own counsel for your specific jurisdiction and matter.
An AI meeting summary is a created document. Like any created document in a legal practice, it is potentially discoverable, potentially privileged, and potentially work product depending on who created it, why, and what it contains. Treating the summary as a legal artifact from the moment it is generated is the framework that keeps a meeting AI from becoming a privilege problem.
What changes when an AI is in the room
A meeting summarization tool changes the legal posture of the meeting in three ways:
- A new artifact is created. The audio recording, the transcript, and the summary are all documents that did not exist before the tool was used. Each can be subpoenaed, each can be discoverable, each can be subject to a litigation hold.
- A third-party processor is involved. Even with strict vendor contracts, the audio passes through the vendor's infrastructure. That fact alone may affect privilege analysis in some jurisdictions; it certainly affects work product analysis if the vendor is treated as a non-attorney third party.
- The metadata is rich. AI summaries typically carry timestamps, speaker attributions, and confidence indicators. This metadata can be probative in ways the original recording is not.
For a routine internal status meeting, none of this matters. For a meeting where the conversation touches privileged matter, all of it does.
When you should never use AI summarization
The list, in priority order:
- Attorney-client communications about pending or anticipated litigation. The summary becomes a derivative work-product document. Whether privilege survives the third-party processor depends on jurisdiction, vendor contracts, and the specific facts. The safer answer is to not create the summary in the first place.
- Internal investigations under privilege. Same logic, more visibly fact-sensitive. Investigation interviews, witness debriefs, board briefings on legal exposure, these are conversations where the cost of a discovery dispute over the summary exceeds the benefit of having it.
- Settlement discussions and mediation. Often protected by mediation privilege or settlement-discussion rules. AI summarization adds a new artifact that may or may not inherit that protection.
- Communications with confidential informants, whistleblowers, or protected sources. The risk profile is too high; do not create artifacts.
For these conversations, take notes by hand if you need them. Do not put a recorder or a transcription bot in the room.
When AI summarization is fine, with safeguards
Most legal practice work is not in the categories above. Routine work that benefits from AI summarization, with safeguards:
- Client status calls that do not touch active litigation strategy. The summary is a service artifact; it does not need to be privileged.
- Witness interviews in non-privileged contexts (e.g., factual interviews, employment investigations under properly scoped engagement letters with non-attorney third parties already involved).
- Continuing legal education recordings, conference talks, training sessions. No privilege at issue; summarization is purely productivity.
- Internal team operational meetings, staffing, billing, practice management. Same as any other office.
- Document review meetings and discovery planning sessions, with caution. If the discussion involves work product analysis, treat it like the categories above.
The decision is not "this tool or no tool". It is "this meeting or that meeting", and the meeting AI is a tool that runs only on the meetings where it is appropriate.
The three-question test
Before any meeting becomes a candidate for AI summarization, three questions:
- Could a transcript or summary of this meeting be subpoenaed in litigation involving the firm or the client? If yes, do not summarize.
- Does this meeting include attorney work product or attorney-client privileged communications? If yes, do not summarize.
- Would the firm be comfortable seeing this summary as an exhibit in a deposition? If no, do not summarize.
If all three answers are no, meaning the meeting is operational, not strategic, and the summary would not embarrass anyone in a deposition, the meeting is a candidate.
Vendor due diligence checklist for legal practice
The legal practice diligence on a meeting AI vendor goes beyond the standard procurement checklist:
| Criterion | Why it matters | Acceptable answer |
|---|---|---|
| Audio + summary retention period | Each retained artifact extends the discovery surface | 24 hours or shorter, then deletion |
| Storage and processing region | Cross-border issues affect privilege and work product | EU-resident, by default |
| Vendor access to audio | Engineer access during processing creates third-party touch | Audited access, role-based, logged |
| Training on user content | Summary content entering training is unrecoverable | Never, contractually |
| Sub-processor list | Each sub-processor is a third-party touch | EU-resident, transparent, change-notification |
| Audit logs of access to source media | Required to demonstrate chain of custody if challenged | Per-tenant, retained per the customer's policy |
| Litigation hold support | If a hold attaches, the vendor must be able to suspend deletion | Documented procedure |
| Per-tenant deletion on demand | Required for litigation hold release and for client offboarding | Self-serve, audited |
| Subpoena response process | The vendor must have a process; you want to know what it is | Documented, transparent, customer-notification policy |
The right column is what a legal practice should write into its vendor template. Vendors who handwave on any of these create exposure for the firm.
A note on retention and EnClair
EnClair stores audio and summaries for 24 hours, then deletes both. Hosting and processing are in Europe, on every plan, by default. We do not train models on user inputs or outputs. Per-tenant audit logs are available. The full posture is on the security page. The deeper procurement framework is in the GDPR-compliant meeting summarization article.
For litigation hold scenarios specifically, the 24-hour default deletion can be suspended on a per-tenant basis under contract. Contact the team through /en/contact for the documented procedure.
What to take from this
AI meeting summaries do not break privilege automatically; they do create new artifacts that interact with privilege analysis. The framework that works for legal practice is the same framework that works for any document creation: be deliberate about which meetings produce which artifacts, run vendor diligence at the standard a regulator would, and treat the summary as a legal document from the moment it is generated. Done that way, AI summarization saves time on the meetings where time matters and stays out of the meetings where time is not the point.
This article is general guidance, not legal advice. For your specific jurisdiction, matter, and engagement, consult qualified counsel.
Tags
- legal
- Workflow
- gdpr